truest.blue Posted May 21, 2011
Hi People
I've just bought a Pineapple a month ago from Hak.5. Can't get it to work. Don't know what I'm doing wrong.
Basically I start Karma and have a bunch of clients which were previously connected to some SSID. And that SSID is not currently being broadcast.
When I start Karma, all I see is my PC, which I've connected myself to the Pineapple SSID.
I've tried adding the SSID to the whitelist. Still doesn't work.
Tried using different SSIDs with WEP, WPA, and WPA2-PSK. Still won't work.
Any help and advice is much appreciated.

Netshroud Posted May 21, 2011
If they're associated with another access point, they'll stay associated. You have to disassociate them somehow (deauth attack, probably) to get them to look around again and notice Karma.

truest.blue (Author) Posted May 21, 2011
I don't quite understand what you're saying. But I'll tell you exactly what I did.
A workstation in my house is connected to my wireless router using the xxx SSID.
What I do is turn the wireless router off, so that SSID is not being broadcast anymore.
Turn on Karma.
Then turn on the workstation which was connected to the xxx SSID.
So why does Karma not pick it up?
Using inSSIDer I could actually see that an SSID with the same name xxx is being broadcast from Jasager, but the victim/client won't connect to it automatically.
Wireless settings are configured to make sure it connects automatically to xxx.

Netshroud Posted May 21, 2011
What operating system is the workstation? If the original access point is running any sort of encryption, Windows Vista will refuse to connect to Jasager, and Windows 7 will not automatically connect (though it won't put up a fight like Vista does).

truest.blue (Author) Posted May 21, 2011
The workstation is running Windows 7. The original access point used WPA2-PSK with AES.
I've tried using an open connection (no passwords) and it still won't work.
Wasn't clients automatically connecting to Jasager the main reason why people buy it?

Netshroud Posted May 21, 2011
Yes, but Microsoft got a little smarter after XP.

truest.blue (Author) Posted May 22, 2011
Alright mate. But one of the clients/victims is using Windows XP SP3 :) So why won't it work?

digininja Posted May 22, 2011
Pre XP SP2, Windows would associate with an AP and negotiate downwards on encryption till it got to no encryption. From SP2 onwards, if the client expects the AP to be WPA then it won't associate if it isn't WPA; same for all other encryption types. Some different client apps will still associate as the pre-SP2 ones do, but most won't.

truest.blue (Author) Posted May 25, 2011
Okay, first of all thank you for your reply.
I've got a victim running Windows XP SP3 and another victim running Windows 7. Both of them are connected to an open wireless network without any encryption.
Then I turn off my access point, so that SSID is not broadcast anymore.
Turn on Jasager & Karma.
Jasager fakes that SSID and shows it in Wireless networks. But my clients/victims won't automatically connect to it.
Why is that happening?

digininja Posted June 7, 2011
Are you seeing the SSID in the preferred network list or in a list when you scan for available APs?
If you fancy a challenge, boot a BT5 live CD on one of the machines, put the card into monitor mode and watch the wifi traffic with Wireshark. Then you will be able to see exactly what is happening.

bobz Posted November 24, 2011
Did you ever figure out the answer? I haven't fired up a packet sniffer but am having the same issue.
@digininja I can't tell if that's the answer here or if you told him to do that for troubleshooting.

0xPHK Posted January 26, 2012
hope this thread is not dead yet.
to your question: maybe both ;) when "debugging" or simply sniffing the packets you will find the needed information in your dumped packets. give wireshark a try ;)
but i can confirm that windows boxes running xpsp3 and later won't autoconnect to karma, all you can do is wait until someone is dumb enough to manually connect to the karma'd ap..
what i cannot say is which os's will still connect automatically to the rogue ap, but according to several hak5 videos with darren, macs are a possibility... maybe darren could answer this
cheers
phk

bboru Posted September 20, 2012
I'm noticing that at least newer Android devices won't connect to Karma, as well as most Windows machines. As previously mentioned, they have to manually connect to the main SSID you're broadcasting. My MK4 doesn't even register the probes (if there are any) on the machines I've tested.

Sebkinne Posted September 20, 2012
> I'm noticing that at least newer Android devices won't connect to Karma, as well as most Windows machines. As previously mentioned, they have to manually connect to the main SSID you're broadcasting. My MK4 doesn't even register the probes (if there are any) on the machines I've tested.
I have to disagree. I am rocking a Galaxy Nexus 4.1.1 and it still works.
Best Regards,
Sebkinne

01000010 Posted September 20, 2012
These are my Karma debug steps:
- Check the device to make sure Karma is up and running. Is Karma enabled?
- Get the victim device and connect to an open wifi access point while making up the name, like karmatest22. If it connects then Karma is working.
- Anything else past that involves making sure the client is set to open networks, networks that do not broadcast and other things like that.

digininja Posted September 20, 2012
I agree with Seb, I was using my Android phone as a victim in a class I taught recently and it worked fine.
If you ssh to the device and then tail the karma log in /tmp you'll see everything that is happening in real time; that may help work out what is going on.

bboru Posted September 20, 2012
All I can say is that on my three test devices I'm unable to get them to autoconnect to a karma'd SSID. I have an Android phone (2.3.6), an Android tablet (4.0.3), and a Windows laptop. All of them have unsecured networks saved that they will autoconnect to when they get in range. No matter what I do I can't get them to autoconnect to the Pineapple. Some people do get connected though, I just can't replicate it.

myst32 Posted September 27, 2012
It would seem that an easy fix would be for Karma to have an option that would allow you to load in a list of popular open SSIDs and then send two or three beacons for each SSID on the list. This might "wake up" the non-working devices since they are passively looking for known networks.
One of you could test this by running airbase-ng with the SSID you used on the phone.... Start and then stop it... then see if the client will connect via Karma on the pineapple...
Also could run mdk3 with the "b -f <SSID_List.txt>" Beacon Flood Mode switch.....
Edited September 27, 2012 by myst32

digininja Posted September 27, 2012
Using an alternate tool to send the beacons would help, but just as an FYI I tried to implement multiple beaconing in the hostapd drivers, but due to restrictions on how the AP mode works at a low level it isn't technically possible to get more than about 4 different SSIDs in parallel. In my lab I only managed to get 2 working. I figured the benefit gained from a second wasn't worth the effort it would be to add it.

myst32 Posted September 28, 2012
> Using an alternate tool to send the beacons would help, but just as an FYI I tried to implement multiple beaconing in the hostapd drivers, but due to restrictions on how the AP mode works at a low level it isn't technically possible to get more than about 4 different SSIDs in parallel. In my lab I only managed to get 2 working. I figured the benefit gained from a second wasn't worth the effort it would be to add it.
Were you creating real APs? I am just talking about generating fake beacons...

myst32 Posted September 28, 2012
SUCCESS... I was able to "wake up" the target PC by generating "fake" beacons. Here is my setup if others wish to test.
Target PC is a Win7 laptop.
- Removed all wireless networks and then created an open network called "test".
- Set encryption to open.
- Selected "Connect automatically when this network is in range".
- Did NOT select "Connect even if the network is not broadcasting its name (SSID)".
I then...
Booted BT5 on the attacking laptop and hooked up the pineapple.
Let it sit for several min... Win7 box did not connect and never sent a probe request.
I then...
Connected an ALFA AWUS036H to the BT5 laptop and placed it in monitor mode.
I then created a text file called "wifinames" with the following info...
    attwife
    crazy
    test
    openwifi
I then issued the following command..
    airbase-ng --essids ./wifinames -c 11 mon0
I let it run for about 2 seconds and then killed it with Ctrl-C.
Looked over at the pineapple and the light started flashing... checked command center and...
    KARMA: Probe Request from XX:XX:XX:XX:XX:XX for SSID 'test'
    KARMA; Successful Association of XX:XX:XX:XX:XX:XX
Checked the Win7 machine and it had indeed connected.
The idea here is to use airbase-ng to generate "fake" beacons. Airbase-ng already has the capability to generate SSIDs from a list with the --essids command. So in theory we would just need to make a list of the most common open networks. Feed this list to airbase-ng... let it run long enough to generate the beacons for each SSID and then shut it off. Karma will take care of the rest...
If you do not wish to use the file you can test using this command..
    airbase-ng --essid <essid> -c 11 mon0
Please test for yourself....
Edited September 28, 2012 by myst32
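
From the client side, the Windows 7 profile in the setup above (an open network with "Connect automatically when this network is in range") is the saved configuration that ended in an association. The following is an added example, not part of any post in this thread: a Python check over WLAN profile XML in the layout written by `netsh wlan export profile`, flagging saved profiles that are open and auto-connecting. The sample profiles and the names `audit_profile`, `audit_all` and `sample` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported WLAN profile XML document."""
    root = ET.fromstring(xml_text)
    def text(path, default=""):
        node = root.find(path, NS)
        return (node.text or "").strip().lower() if node is not None else default
    name = root.find("w:SSIDConfig/w:SSID/w:name", NS)
    ssid = name.text if name is not None else "?"
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication")
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption")
    # Assumption: a profile with no connectionMode element is treated as auto.
    auto = text("w:connectionMode", "auto") == "auto"
    hidden = text("w:SSIDConfig/w:nonBroadcast", "false") == "true"
    findings = []
    if auto and auth == "open" and enc == "none":
        findings.append("open network joined automatically")
    if auto and hidden:
        findings.append("joined even when the SSID is not broadcast")
    return ssid, findings

def audit_all(profiles):
    """Map SSID -> findings for every profile that has at least one finding."""
    return {ssid: f for ssid, f in map(audit_profile, profiles) if f}

def sample(ssid, auth, enc, mode, hidden):
    """Build a constructed profile in the netsh export layout (sample data)."""
    return (
        f'<WLANProfile xmlns="{NS["w"]}"><name>{ssid}</name>'
        f"<SSIDConfig><SSID><name>{ssid}</name></SSID>"
        f"<nonBroadcast>{hidden}</nonBroadcast></SSIDConfig>"
        f"<connectionType>ESS</connectionType><connectionMode>{mode}</connectionMode>"
        f"<MSM><security><authEncryption><authentication>{auth}</authentication>"
        f"<encryption>{enc}</encryption></authEncryption></security></MSM></WLANProfile>"
    )

SAMPLES = [  # constructed; "test" mirrors the Win7 profile described above
    sample("test", "open", "none", "auto", "false"),
    sample("homenet", "WPA2PSK", "AES", "auto", "false"),
    sample("cafe", "open", "none", "manual", "false"),
    sample("hidden-lab", "open", "none", "auto", "true"),
]

if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLES).items():
        print(ssid, "->", "; ".join(findings))
```

Profiles it flags are candidates for deletion or for switching to manual connection.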

loozr Posted September 28, 2012
I'm just wondering if deauth would be possible to achieve the same results? I understand that deauth is primarily used to deauth clients that are connected to an AP, but would it also help in making clients aware of the fake net from the pineapple?
Myst32: Would this technique also apply for Android phones?

myst32 Posted September 28, 2012
> I'm just wondering if deauth would be possible to achieve the same results? I understand that deauth is primarily used to deauth clients that are connected to an AP, but would it also help in making clients aware of the fake net from the pineapple?
> Myst32: Would this technique also apply for Android phones?
I don't think the deauth would work because the target PC is not expecting them. I would guess the target would just drop the packet. Plus, unless you know the MAC of the target, the best you could do is broadcast deauth for a network the target is not even on.
I would think the trick above would work on an Android phone for the same reason it works on the Win7 box. However, I do not have an Android phone to test with so I can't confirm this.

alextrebek Posted September 28, 2012
- my htc V android (4.0.3) connects to karma
- my lenovo i3 laptop running centos or win7 connects to karma
- my lenovo core2duo laptop running centos or win7 connects to karma
- my asus atom netbook running centos connects to karma
- my wm860 armbook connects fine with android; with WinCE i don't think auto connection is possible? (i may be wrong)
- my wrt54g v2.2 and wrt54gs v4, while running Gargoyle firmware in sta mode, connect to karma with no problems
- my ibook g3 (lol) connects to karma
- my friend's powerbook and ipad connect to karma
- Blackberries and Wiis seem to connect very easily
don't have anything else to test it on, sorry you guys are having so many problems but i haven't had many
also just confirmed my roku2 connects without issue and the only saved network is a wpa2
Edited September 28, 2012 by alextrebek